Field Effect MDR

MDR

Field Effect MDR is a productized MDR service for SMEs, MSPs and lean IT teams that uses Field Effect's portal, endpoint agent, cloud integrations, network appliance options and 24/7 SOC. After an alert, Field Effect analysts triage and can contain threats through approved response policies, while the buyer or MSP still owns policy choices, recovery work, connected tools and out-of-scope incident response.

Service
MDR
Handles
Contain threats
Price
Quote-based per-user pricing
  • Contain threats
  • Ottawa, Canada
  • 51-200
  • Founded 2016
Visit website

Shortlist fit

MSPs standardizing MDR across small-business clients

Provider handles

Service can take or orchestrate containment actions within the approved scope.

Check before buying

Choosing the Active Response policy and excluding critical systems where downtime risk matters

Also fits

  • SMBs and lean IT teams that want a vendor-owned MDR platform
  • Buyers that want containment actions without running their own SIEM workflow
  • Teams that value per-user pricing over endpoint or data-ingest pricing

Can replace

  • Endpoint-only EDR monitoring for small and mid-market environments
  • Manual triage of Field Effect endpoint, cloud and network AROs
  • Some after-hours containment actions when Active Response is enabled

Coverage

Provider covers

  • 24/7 SOC monitoring across Field Effect MDR telemetry
  • Active Response policies for approved containment actions
  • ARO workflow for actions, recommendations and observations

Your team still owns

  • Deploying endpoint agents, cloud integrations, network appliances and partner PSA workflows
  • Recovering systems, restoring service and handling business decisions after containment
  • Verifying which package covers network, cloud apps, log retention and analyst support

Tradeoffs

Works well

  • Active Response evidence supports containment, not only alert forwarding
  • Per-user pricing can simplify quoting for MSPs and SMBs with multiple devices per user
  • AROs combine vulnerability, endpoint, cloud and network findings in one workflow

Watch out for

  • Full coverage depends on choosing the right package, especially for network and cloud-app monitoring
  • Buyers get less raw telemetry control than they would with a self-operated SIEM
  • Public pricing does not include dollar amounts despite the published per-user model

Reviews

Review synthesis

G2, PeerSpot and SoftwareReviews users often describe Field Effect MDR as useful for MSPs and lean IT teams because AROs reduce noise and surface patch, endpoint or cloud-account issues. Repeated cautions include onboarding time, limited raw telemetry visibility, UI or SIEM limits and occasional installation or licensing issues.

Customers like

  • Reviewers value AROs that highlight actionable endpoint, CVE and cloud-account issues
  • MSP-oriented reviews mention PSA visibility and easier cross-client monitoring
  • PeerSpot users repeatedly mention broad endpoint, network and cloud visibility
  • Several reviews call out responsive support and analyst access

Watch out for

  • G2 and PeerSpot reviews mention onboarding or environment-tuning time
  • PeerSpot summaries include UI, SIEM capability, licensing and server installation caveats
  • SoftwareReviews includes a complaint about limited log transparency behind an ARO
  • Reddit discussion notes the tradeoff of abstracted backend telemetry

Pricing

Price
Quote-based per-user pricing
Billing
Per-user, Tiered, Custom

Questions to ask

  1. Which package covers our endpoint, network, Microsoft 365, Google Workspace and other cloud-app telemetry?
  2. Which Active Response policy will be enabled after onboarding, and which actions require approval?
  3. Are extended log retention, daily dark web monitoring, security awareness training or an incident response retainer included?

Integrations

EDR / Endpoint
  • Field Effect Endpoint Agent
  • Microsoft Defender Antivirus management
  • Carbon Black
  • Palo Alto Cortex
Cloud
  • Microsoft 365
  • Google Workspace
  • AWS
Other
  • Autotask
  • ConnectWise PSA
  • HaloPSA
  • Okta
  • Duo
  • Salesforce
  • ServiceNow
  • Zendesk

Editorial notes

Why contain threats

Field Effect MDR is classified as Contain threats because official help material documents Active Response actions such as host isolation, malicious-domain blocking, process termination and cloud account locking. The action level still depends on the buyer's selected policy.

Package boundary

Field Effect separates mEDR, MDR Core and MDR Complete. Core is aimed at smaller endpoint and cloud environments, while Complete adds network monitoring, more cloud-app coverage, longer log-retention options and enhanced analyst support.

MSP buying context

The service is built heavily for MSPs, with partner portal, license-management and PSA integration workflows. MSP buyers should confirm whether Field Effect contacts the end customer directly during urgent response and how ARO ownership maps into their own ticketing process.

Pricing boundary

Field Effect publishes a per-user quote model, not public dollar rates. Public review sites describe mixed cost perception, so buyers should compare the quoted package against the number of protected users, included data sources and optional upgrades.

Questions

Does Field Effect MDR only notify the buyer?
No. Field Effect MDR sends AROs, but official help material also documents Active Response policies that let Field Effect analysts or automation isolate hosts, block malicious domains, terminate processes or lock supported cloud accounts.
Is Field Effect MDR a full managed SOC?
No. It is best treated as active MDR. Field Effect supplies a 24/7 SOC-backed MDR platform, but the buyer or MSP still owns the connected environment, response policy, recovery work and incident response beyond the MDR scope.
Is Field Effect MDR pricing public?
Field Effect publishes a quote-based per-user model and package structure, but not public dollar rates. Buyers should ask for the per-user rate, package tier, optional upgrades and renewal terms.